CVE-2025-14262

Published: Dec 8, 2025

Modified: Dec 8, 2025

PUBLISHED

Description

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions. There is no workaround.

Vendor	Product	Versions
KNIME	KNIME Business Hub	affected `0 - < 1.17.0` unaffected `1.17.0`

Weaknesses (CWE)

CWE-708

References

https://www.knime.com/security/advisories#CVE-2025-11239

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-14262

Description

Affected Products

Weaknesses (CWE)

References